How does permission levels work when webs do not inherit permissions? I have a site collection with 3 webs:

Root
Subweb
LeafWeb

Each web has unique permissions. I also have a permission level called "Content Responsible" which grants (for testing purposes) all permissions. My problem is that if I create a group at LeafWeb and give it permissions from Content Responsible the users in that group do not have access to read the web. The permission level seems to be inherited because I'm unable to make any modifications to it at the LeafWeb and if I change what permissions are given at Root these changes can be seen at LeafWeb. What is happening here?

Edit: Basically what I want is to give a user more rights at a lower level than at a higher one.

Edit: I've tried doing it trough the UI, but that does not seem to work either. Here's what I did:

Create new web below the root web.

Break inheritance from the permissions page.

Create new group with "adminLevel" permission level.

Add user to group.

The user still does not have access.

Edit2: Reverting to the default masterpage did not work.

Edit3: The groups I'm adding are actually SP groups with one AD group inside. Once I apply rights directly to the AD groups it seems to work down to Subweb as the AD groups get the correct rights, but the problem still remains for LeafWeb. How is this even possible?

1 Answer
1

The problem was a combination of me not being rigorous enough during testing and overlooking some checked out pages and that my masterpage gallery did not inherit permissions at the site collection level. This resulted in the user not being able to view the frontpage (checked out and not published) and create pages which I mistook for not having any rights at all.

For future reference: SharePoint seems to report all libraries and other items that have unique permissions within a site if you open the Site permissions (_layouts/user.aspx) page. It seems it DOES NOT report whether the masterpage gallery has unique permissions.